Describing my UEFI setup

I’ve been posting a bit about UEFI. So it seems appropriate for me to describe what I am using to gain experience. And, I’ll add that part of what I know about UEFI comes from seeing the problems that others have been having, both via google searches and on opensuse forums.

The particular computer is a Dell Inspiron 660 desktop computer. It has 8G of RAM, and it came with a 1T hard drive with Windows 8 pre-installed. It has an Intel graphics card and both ethernet and WiFi network interfaces. I did connect an ethernet cable for initial setup, but have since used only the WiFi.

I decided to add a second hard drive for linux, instead of trying to shrink Windows (though I later shrunk Windows anyway). The second drive is also 1T. I used “gdisk” to set it up with GPT partitioning. And I created a 500M partition (“/dev/sdb1”) as an EFI partition near the beginning of the disk. The original drive also came with GPT partitioning and a 500M EFI partition (“/dev/sda1”).

The BIOS

The UEFI firmware replaces traditional firmware. However, people still refer to this as the BIOS, so I’ll continue to use that term.

To access the BIOS settings, I hit F2 during boot. The BIOS screen says, at the top, “Aptio Setup Utility – Copyright (C) 2012 American Megatrends, Inc.”. Dell lists this as a Dell BIOS. Presumably they have licensed some of the code used in the BIOS, including the setup utility and the UEFI support.

The BIOS is listed as version A09. The computer actually came with an earlier version (A03 or A05), and I later applied an update downloaded from the Dell site. The changes between the original BIOS and the updated one do not appear to be significant for what I have been doing.

Looking at the BOOT page of BIOS setup, I notice that there is a setting for secure-boot. The computer, as delivered, came with secure-boot enabled. I can switch that to disabled, and have done that from time to time.

There’s an option “Load Legacy OPROM”. That option is listed as disabled and the option is not accessible (cannot be changed) if secure-boot is enabled. However, once I disable secure-boot, the “Load Legacy OPROM” option shows up as enabled, but I could disable if I wished. This option, as enabled, allows booting older CDs, DVDs and USB that depend on legacy MBR based booting.

Then there’s an option for USB booting (enabled by default), and an option for Boot Mode (defaulted to UEFI, but can be switched to Legacy).

There’s a section called “Hard Disk Drivers”. If I select that, then I can switch between “Windows Boot Manager” and “opensuse-secureboot”. Basically, it allows me to change the boot order among operating systems defined in NVRAM (non-volatile RAM). I currently have “opensuse-secureboot” set as the first selection.

Boot selection

In addition to configuring boot preferences in the BIOS setup, I can hit F12 during boot. And that might give me a menu of boot choices. I say “might” because when I first did this, the computer booted straight into Windows. This was presumably because there was only one boot possibility so no actual choice available.

If I have secure-boot disabled, then hitting F12 during boot gives a menu of boot options. The UEFI boot options are listed first. And the MBR boot options are listed after that.

With secure-boot enabled, there is only a list of UEFI boot options. And only options that support secure-boot are included. My first attempt to use F12 was with secure-boot enabled. I had inserted a CD which did have a UEFI boot option but it did not support secure boot, and that’s why it was not listed and the computer booted straight into Windows.

Installing opensuse

I waited until I had added the second hard drive, before installing opensuse. My first install was the 12.3 Beta release. I had written the iso to a USB and wanted to install that. At the time, I had disabled secure-boot.

I hit F12 during the boot cycle. A menu showed up, and booting from the USB device was one of the choices available. I selected that, and booted into the installer for opensuse 12.3 Beta1.

The install was uneventful. It used “/dev/sdb1” as the EFI partition, to be mounted as “/boot/efi”. I had previously booted from live media to partition the disk as I wanted it for opensuse.

After install, the computer booted into opensuse. There was no boot option for Windows. This was the first UEFI bug that I reported. It was fixed in time for the 12.3 final release. I could still access Windows by hitting F12 during boot and selecting Windows at the boot manager.

My opensuse reinstall

Once 12.3 final became available, I installed that to replace the original install. I imported the partitioning from the prior install. I enable secure-boot before the install. With the iso written to a USB, I hit F12 during boot. The menu included the opensuse installer as one choice, so I selected that. Booting the installer went without problems, and this was with secure-boot enabled.

Again, the install went well. The installer wanted to reformat the EFI partition. I allowed that, since there was only opensuse there. But this was surely a mistaken default. Since the EFI partition is potentially shared by several operating systems, it should not be automatically reformatted.

The only other install problem was that the box for “secure-boot” was not checked. So I checked that.

After install, the system booted into opensuse 12.3. This time the boot menu did have a Windows option. Unfortunately, that windows boot option did not work if secure-boot was enabled. This problem has since been fixed. I could still boot Windows by hitting F12 during boot, and selecting Windows from the menu provided by the UEFI firmware.

A second opensuse instance

I installed a second instance of opensuse. This was mainly to test what would happen if I used the same EFI partition as Windows (i.e. “/dev/sda1”). Since my original opensuse install was working well, and I had spare disk space, I chose to install a second instance instead of messing with what was working well.

All hell broke loose. In particular, my initial install of opensuse stopped working, and after I had once booted Windows, my second instance of opensuse also stopped working. I could only boot into Windows.

It turns out that you cannot have two systems both called “opensuse-secureboot” even if they use different EFI partitions. So I renamed the second instance to “opensuse_alt-secureboot”. I did that by changing the “Distributor” name in the boot settings.

It also turns out that my BIOS allows only one bootable system per EFI partition. Or, more accurately, it retains only one system in NVRAM. So the BIOS deleted the boot entry for Windows. But the grub2-efi menu item for Windows still worked. Windows did not like that there was no boot entry. So it put its boot entry back (with top priority). And then the BIOS deleted the NVRAM entry for my second instance of opensuse.

Summary

I’ve described my system, and how I happen to have opensuse 12.3 installed twice. In retrospect, I’m glad I did it that way. I have learned a lot from what went wrong.

I’ll soon replace the second instance with a pre-release install of opensuse 13.1. I will probably do that when Milestone 2 comes out.